L.P.H. van Belle
2021-May-28 08:09 UTC
[Samba] Debian 10 Samba 4.14.4 No acces to SYSVOL and NETLOGON from Windows 10
Get this script.

Run it and set sysvol as shown.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh

Then try again and let us know the result.
If it still isn't working,

run:
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
and post the output.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Mueller via samba
> Sent: Friday 28 May 2021 9:51
> To: samba samba
> Subject: [Samba] Debian 10 Samba 4.14.4 No acces to SYSVOL and NETLOGON from Windows 10
>
> Dear all,
> after a lot of learning I succeeded with debian 10 and samba 4.14.4
> ntp and bind9_dlz is working,
> The only issue is "SYSVOL" and "NETLOGON"
> When I try to logon from my Windows 10 domainmembers to both shares I get no connection
> Only logon from within my debian 10 host works:
>
> SYSVOL
> root at dom:/var/lib/samba/private# smbclient //dom.plk.loc/sysvol -UAdministrator
> Enter PLK\Administrator's password:
> Try "help" to get a list of possible commands.
> smb: \>
> root at dom:/var/lib/samba/private# smbclient //localhost/sysvol -UAdministrator
> Enter PLK\Administrator's password:
> Try "help" to get a list of possible commands.
> smb: \>
>
> NETLOGON
> root at dom:/var/lib/samba/private# smbclient //localhost/netlogon -UAdministrator
> Enter PLK\Administrator's password:
> Try "help" to get a list of possible commands.
> smb: \>
>
> root at dom:/var/lib/samba# getfacl /var/lib/samba/sysvol
> getfacl: Entferne führende '/' von absoluten Pfadnamen
> # file: var/lib/samba/sysvol
> # owner: root
> # group: 3000000
> user::rwx
> user:root:rwx
> user:3000000:rwx
> user:3000001:r-x
> user:3000002:rwx
> user:3000003:r-x
> user:3000004:rwx
> group::rwx
> group:3000000:rwx
> group:3000001:r-x
> group:3000002:rwx
> group:3000003:r-x
> group:3000004:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000001:r-x
> default:user:3000002:rwx
> default:user:3000003:r-x
> default:user:3000004:rwx
> default:group::---
> default:group:3000000:rwx
> default:group:3000001:r-x
> default:group:3000002:rwx
> default:group:3000003:r-x
> default:group:3000004:rwx
> default:mask::rwx
> default:other::---
>
> root at dom:/var/lib/samba# getfacl /var/lib/samba/sysvol/plk.loc/scripts
> getfacl: Entferne führende '/' von absoluten Pfadnamen
> # file: var/lib/samba/sysvol/plk.loc/scripts
> # owner: root
> # group: 3000000
> user::rwx
> user:root:rwx
> user:3000000:rwx
> user:3000001:r-x
> user:3000002:rwx
> user:3000003:r-x
> group::rwx
> group:3000000:rwx
> group:3000001:r-x
> group:3000002:rwx
> group:3000003:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000001:r-x
> default:user:3000002:rwx
> default:user:3000003:r-x
> default:group::---
> default:group:3000000:rwx
> default:group:3000001:r-x
> default:group:3000002:rwx
> default:group:3000003:r-x
> default:mask::rwx
> default:other::---
>
> How can I fix this?
>
> Greetings
> Daniel
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
2021-May-28 09:39 UTC
[Samba] Debian 10 Samba 4.14.4 No acces to SYSVOL and NETLOGON from Windows 10
This:
C:\users\administrator.PLK.001
is a Windows problem, in general, but you're also missing packages.
So need to fix samba config/server setup first.

Nsswitch missing winbind, can be, just not recommended.
Also: mdns4_minimal [NOTFOUND=return]
better move it after the word dns.

Remove the leftovers like:
rc krb5-admin-server
With: dpkg --remove --purge

Then: apt install samba-vfs-modules

Let's start here, and reboot the server.
Let us know if it works now.

Greetz,

Louis

> -----Original message-----
> From: Mueller [mailto:mueller at tropenklinik.de]
> Sent: Friday 28 May 2021 11:28
> To: 'L.P.H. van Belle'
> Subject: AW: [Samba] Debian 10 Samba 4.14.4 No acces to SYSVOL and NETLOGON from Windows 10
>
> I did run the scripts
> root at dom:~/samba# ./samba-check-set-sysvol.sh
> INFO 2021-05-28 11:07:28,733 pid:2025 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf
> INFO 2021-05-28 11:07:28,734 pid:2025 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
> Review the file : default-rights-sysvol.acl, these contains the defaults for sysvol.
> The sysvol ACLS info.....
>
> Please check your share rights for sysvol from within windows.
> If these are incorrect, correct them and run this script again.
> Set your sysvol SHARE permissions as followed.
> EVERYONE: READ
> Authenticated Users: FULL CONTROL
> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
> User/Group system is added compaired to a win2008R2 sysvol, you need this for some GPO settings.
>
> Set your sysvol FOLDER permissions as followed.
> Authenticated Users: Read & Exec, Show folder content, Read
> (BUILTIN or NTDOM)\Administrators: FULL CONTROL
> (BUILTIN or NTDOM)\SYSTEM, FULL CONTROL
>
> Did set it
> Shares
> Everyone read
> Authenticated User read write change (full)
> System full
> Domain Admins (PLK) full
> Administrators (PLK) full
>
> Security
> Authenticated User read/exec list directory read
> System full
> Administrator full
> Domain Admins full
> Administrators full
>
> Result the same (restarted samba systemctl restart samba, did start windows10 client and logged on)
>
> My win10 client is logged on with a temp-profile:
> C:\users\administrator.PLK.001
>
> root at dom:~/samba# ./samba-collect-debug-info.sh
> Please wait, collecting debug info.
>
> Passwort für Administrator at PLK.LOC:
> ./samba-collect-debug-info.sh: Zeile 220: samba: Kommando nicht gefunden.
> grep: : Datei oder Verzeichnis nicht gefunden
> INFO 2021-05-28 11:13:14,501 pid:2145 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf
> INFO 2021-05-28 11:13:14,501 pid:2145 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
> grep: : Datei oder Verzeichnis nicht gefunden
> The debug info about your system can be found in this file: /tmp/samba-debug-info.txt
> Please check this and if required, sanitise it.
> Then copy & paste it into an email to the samba list
> Do not attach it to the email, the Samba mailing list strips attachments.
>
> Collected config --- 2021-05-28-11:13 -----------
>
> Hostname: dom
> DNS Domain: plk.loc
> FQDN: dom.plk.loc
> ipaddress: 192.168.135.134
>
> -----------
>
> Kerberos SRV _kerberos._tcp.plk.loc record verified ok, sample output:
> Server: 192.168.135.134
> Address: 192.168.135.134#53
>
> _kerberos._tcp.plk.loc service = 0 100 88 dom.plk.loc.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
> This computer is running Debian 10.9 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
> 2: enp1s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
>     link/ether 00:25:90:38:7f:f4 brd ff:ff:ff:ff:ff:ff
> 3: enp1s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
>     link/ether 00:25:90:38:7f:f5 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.135.134/24 brd 192.168.135.255 scope global noprefixroute enp1s0f1
>     inet6 fe80::225:90ff:fe38:7ff5/64 scope link noprefixroute
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.135.134 dom.plk.loc dom
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> # Generated by NetworkManager
> nameserver 192.168.135.134
> nameserver 192.168.135.230
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
>     default_realm = PLK.LOC
>     dns_lookup_realm = true
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     renew_lifetime = 7d
>     forwardable = true
>
> [realms]
>     PLK.LOC = {
>         default_domain = plk.loc
>         kdc = dom.PLK.LOC 192.168.135.134
>         admin_server = dom.PLK.LOC 192.168.135.134
>     }
>
> [domain_realm]
>     dom = PLK.LOC
>     .plk.loc = PLK.LOC
>     plk.loc = PLK.LOC
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Warning, does not exist
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
> Installed packages:
> ii acl 2.2.53-4 amd64 access control list - utilities
> ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
> ii fonts-quicksand 0.2016-2 all sans-serif font with round attributes
> rc krb5-admin-server 1.17-3+deb10u1 amd64 MIT Kerberos master server (kadmind)
> ii krb5-config 2.6 all Configuration files for Kerberos Version 5
> rc krb5-kdc 1.17-3+deb10u1 amd64 MIT Kerberos key server (KDC)
> ii krb5-locales 1.17-3+deb10u1 all internationalization support for MIT Kerberos
> ii krb5-multidev:amd64 1.17-3+deb10u1 amd64 development files for MIT Kerberos without Heimdal conflict
> ii krb5-user 1.17-3+deb10u1 amd64 basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
> ii libacl1-dev:amd64 2.2.53-4 amd64 access control list - static libraries and headers
> ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
> ii libattr1-dev:amd64 1:2.4.48-4 amd64 extended attributes handling - static libraries and headers
> ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-3 amd64 Heimdal Kerberos - libraries
> ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries
> ii libkrb5-dev:amd64 1.17-3+deb10u1 amd64 headers and development libraries for MIT Kerberos
> ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - Support library
> ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
> ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 Python bindings for Samba
> ii samba-common 2:4.9.5+dfsg-5+deb10u1 all common files used by both the Samba server and client
> ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 Samba common files used by both the server and the client
> ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Directory Services Database
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries
> ii spice-client-glib-usb-acl-helper 0.35-2 amd64 Helper tool to validate usb ACLs
> ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers
>
> -----------
>
> -----Original message-----
> From: L.P.H. van Belle via samba [mailto:samba at lists.samba.org]
> Sent: Friday, 28 May 2021 10:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Debian 10 Samba 4.14.4 No acces to SYSVOL and NETLOGON from Windows 10
>
> Get this script.
>
> Run it and set sysvol as shown.
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh
>
> Then try again and let us know the result.
> If it still isn't working,
>
> run:
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> and post the output.
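The checks suggested in the reply above, as an added example that is not part of the original thread: it lists packages left in dpkg state `rc`, reports whether `passwd` and `group` in nsswitch.conf list winbind, and rewrites the `hosts:` line so the mdns4_minimal entry follows `dns`. The function names are hypothetical and the sample input is copied from the debug output quoted in the thread, not read from a live system.

```sh
#!/bin/sh
# Added example: sample input is copied from the debug output quoted in the
# thread, not read from a live system. Function names are hypothetical.
SAMPLE_NSSWITCH='passwd: files systemd
group: files systemd
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname'

SAMPLE_DPKG='ii krb5-config 2.6 all Configuration files for Kerberos Version 5
rc krb5-admin-server 1.17-3+deb10u1 amd64 MIT Kerberos master server (kadmind)
rc krb5-kdc 1.17-3+deb10u1 amd64 MIT Kerberos key server (KDC)
ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers'

# Print the names of packages in dpkg state "rc" (removed, config files left).
rc_packages() {
    awk '$1 == "rc" { print $2 }'
}

# Succeed if the named nsswitch database line (passwd, group) lists winbind.
db_has_winbind() {
    awk -v db="$1:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

# Rewrite the hosts line so "mdns4_minimal [NOTFOUND=return]" follows "dns".
move_mdns_after_dns() {
    awk '
        $1 == "hosts:" {
            out = $1; moved = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "mdns4_minimal") {
                    moved = $i
                    if ($(i + 1) ~ /^\[/) { moved = moved " " $(i + 1); i++ }
                    continue
                }
                out = out " " $i
                if ($i == "dns" && moved != "") { out = out " " moved; moved = "" }
            }
            if (moved != "") out = out " " moved
            print out; next
        }
        { print }'
}

echo "rc-state packages: $(printf '%s\n' "$SAMPLE_DPKG" | rc_packages | tr '\n' ' ')"
for db in passwd group; do
    printf '%s\n' "$SAMPLE_NSSWITCH" | db_has_winbind "$db" || echo "$db: no winbind"
done
printf '%s\n' "$SAMPLE_NSSWITCH" | move_mdns_after_dns | grep '^hosts:'
```

On a real host the same functions can be fed `dpkg -l` and `/etc/nsswitch.conf`; the script only reports and prints the rewritten line, it changes nothing on disk.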